Home  >  Article  >  Backend Development  >  php anti-injection code_PHP tutorial

php anti-injection code_PHP tutorial

WBOY
WBOYOriginal
2016-07-20 11:06:14766browse

This article provides some commonly used basic SQL injection prevention codes for PHP programmers. We can customize some unsafe SQL statements or commands to judge and then prevent program execution.

This article provides some commonly used basic SQL anti-injection codes for PHP programmers. We can customize some unsafe SQL statements or commands to judge and prevent program execution.

//Illegal characters to be filtered
$ArrFiltrate=array("'",";","union");

//Error The url to be jumped after, if not filled in, the previous page will be defaulted
$StrGoUrl="";

//Whether there is a value in the array
function FunStringExist($StrFiltrate,$ArrFiltrate){
foreach ($ArrFiltrate as $key=>$value){
if (eregi($value,$StrFiltrate)){
return true;
}
}
return false;
}


//Merge $_POST and $_GET


if(function_exists(array_merge)){


$ ArrPostAndGet=array_merge($HTTP_POST_VARS,$HTTP_GET_VARS);


}else{


foreach($HTTP_POST_VARS as $key=>$value){


$ArrPostAndGet[]=$value;


}


foreach($HTTP_GET_VARS as $key=>$value){


$ArrPostAndGet[]=$value;


}


}


//Verification starts


foreach($ArrPostAndGet as $key=>$value){


if (FunStringExist($value,$ArrFiltrate)){


/ /echo "";


if (empty($StrGoUrl)){


echo "";


}else{


echo "";


}


exit;


}


}


?>


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/445036.htmlTechArticleThis article provides some commonly used basic SQL injection prevention codes for PHP programmers. We can customize some Unsafe SQL statements or commands are judged and then prevent program execution. Ben...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn